CVE-2015-1349 — Unchecked Error Condition in Bind

CWE-399 CWE-391 — Unchecked Error Condition10 documents10 sources

Severity

5.4MEDIUMNVD

EPSS

11.1%

top 6.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedFeb 19

Latest updateMay 14

Description

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.9.5.dfsg-9+3

▶NVDisc/bind26 versions+25

🔴Vulnerability Details

GHSA

GHSA-q3mx-v284-x6qr: named in ISC BIND 9↗2022-05-14

▶

CVEList

CVE-2015-1349: named in ISC BIND 9↗2015-02-19

▶

OSV

CVE-2015-1349: named in ISC BIND 9↗2015-02-19

▶

📋Vendor Advisories

BSD

FreeBSD-SA-15:05.bind: BIND remote denial of service vulnerability↗2015-02-25

▶

Red Hat

bind: issue in trust anchor management can cause named to crash↗2015-02-20

▶

Ubuntu

Bind vulnerability↗2015-02-18

▶

Debian

CVE-2015-1349: bind9 - named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P...↗2015

▶

Apple

CVE-2015-1349: OS X Server v5.0.3↗

▶

💬Community

Bugzilla

CVE-2015-1349 bind: issue in trust anchor management can cause named to crash↗2015-02-18

▶